On Apr 14, 2013, at 12:45 AM, Edwin Abraham <edwin.abraham12 () gmail com>
Last Summer as a part of an internship at DRDO (Defense Research and
Development Organisation) I was asked to go through their custom networking
protocol. So that they could improve the protocol handling and how the
application handled. Since they needed a quick fix and I used LUA scripts
to write a custom dissector for them. They were happy with the result. But
the in the end I realized they wanted to open the packet edit the data
within wireshark, compare it with other protocols they were using.
I agree with the fact there is a Packet Viewer but it’s not editable.
But if there is a UI where the packets can be manipulated by applying data
changes or designing a dissector with the existing packets.
Unless I *completely* misunderstand what you're proposing, "a UI where
the packets can be manipulated by applying data changes" is a completely
separate item from "[a UI for] designing a dissector with the existing
How do you envision the latter item working? And would it be more useful
if you had a UI to design a dissector *regardless* of whether you have a
capture file open with packets for that protocol, even if it has some
additional features that let you use existing packets for the protocol?
LUA is powerful and if the UI is setup to create the dissector without
using an IDE or at least eventually. If the reboot is given from within
the UI we can resume the Packet Editor session when wireshark restarts.
And if there's no need to *have* a reboot to use a new piece of Lua code,
that would be even better - you wouldn't *need* to resume the session.
I was thinking the Packet Editor should be able to display the packet
data to the user in the mode he desires. Like if the user wants to see the
packet in hex, then a specific part in decimal. Or to have the headers
applied and not applied on the packet. In the following is a rough idea of
what I mean.
Initially when a packet is opened it is already filtered by the headers
IP,UDP,etc. This editor can display the data in a way comfortable to add
custom headers (using dissectors) and temporarily apply and see the
payload. Once the packet is modified to user requirement, the user can
apply listeners to send the required data to the applications to analyse
When I mentioned that the editor can exist on its own I meant the UI
can be used wherever in wireshark to view packets like when designing
dissectors, applying filter, or any kind of packet manipulation.
You seem to be talking about changing the way packets are *displayed*.
That's not really an "editor" function, that's a "viewer" function; the
Packet Editor (GUI) item in the Wireshark GSoC page says "It would be
useful to be able to edit packet contents and to save edited packets back
What you're describing could be interesting (although you need to
describe it more clearly, for example by giving some examples of what the
UI might look like and what operations it supports), but it doesn't sound
as if it's a "packet editor", it sounds more like a "dissector editor".
I.e., it sounds as if you're describing something that lets you change the
way packet data is displayed, not something that lets you actually change
the data *in* the packet.
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org